On 10/19/2011 3:20 PM, John York wrote:
> Hi
>
> We’re in the process of bringing up a new NPS server, and a contractor tells me that the cert Common Name and the server’s DNS fqdn don’t have to match like they do on an SSL server.
>
> “For wireless, any valid certificate will do. It does not have to match the name of the NPS server. You can use an existing certificate for anything as long as it’s valid and doesn't invalidate your licensing agreement with your SSL cert provider.”
>
> If that’s true, I’ve been adding extra complexity to my work for years. I guess “any valid cert” would also have to come from a CA the user’s computer accepts. Comments?

For everything except Windows :) Windows is very picky about the EAP certificate. We tried to fight this battle over the summer when planning our WPA2 roll-out but ended up pushing a cert with XpressConnect. Verisign has some "Windows dot-1X" specific support I recall seeing, but otherwise, you need some special certificate magic for 3rd-party certs to work without some additional handshaking. http://support.microsoft.com/kb/814394 discusses this (but doesn't exactly clarify "how").

Jeff

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
